The Four Horsemen of Passwords

Presented at SAINTCON 2019, Oct. 24, 2019, 1:30 p.m. (60 minutes)

The rules of passwords have changed, but are you keeping up? Find out about new NIST Digital Identity Guidelines as well as recommendations from the 2019 OWASP Application Security Verification Standard 4.0. Now, depending on who you are, the rules may be different. Which horseman are you? Which horseman are you dealing with? I'll address those frequently asked questions: how long should my password be, and what's the minimum length my website should require? Find out why my 3-character password is stronger than your 17-character password. I'll dive into the statistics of a 25-GPU password cracking machine and several modern hashing algorithms. See how much of a difference your algorithm makes as well as the rules you use for your passwords. There's also a mystery horseman you should be aware of that's sowing lots of dissension. And pay attention, there might even be something to help with your Hackers Challenge.


Presenters:

  • Chris Mather - Whitecap Cybersecurity
    Chris Mather currently works as a Sr. Application Developer / Cybersecurity Analyst for a major organization. He's been an infosec manager for 10 years and a software developer for over 20 years. He's a security evangelist at work and contributes to improving security policies and procedures. Chris has led the development of several enterprise web applications through the years and always puts security first in SecDevOps. CSSLP is the only alphabet soup behind his name so far.
